Details
Field | Value |
---|---|
FileName | |
Malware Family | CyberGate |
Date Added | 2015-11-07 20:04:07 |
MD5 | 88dd57bb16a5b057d7dba95618232f04 |
Sha256 | 9c2a573809556c3c0e9802b1204415724ea9f4a146792d771d6df0564dfaf414 |
Config Data
Field | Value |
---|---|
FTPPassword | ????4 |
CampaignID | Cyber |
Password | 123456 |
USBSpread | 1000 |
FTPDirectory | ./logs/ |
FTPAddress | ftp.server.com |
InstallDir | WinDir |
Persistance | TRUE |
InstallMessageTitle | AlphaSquad |
KeyloggerBackspace | TRUE |
HideFile | TRUE |
Mutex | 2OWD7MD451EPOC |
Domain | zzz.no-ip.biz, |
FTPPort | 21 |
REGKeyHKCU | HKCU |
MessageBoxIcon | 64 |
Port | 100, |
CyberGateVersion | |
StartupPolicies | Policies |
REGKeyHKLM | HKLM |
FTPUserName | ftp_user |
ChangeCreationDate | TRUE |
MeltFile | FALSE |
InstallFileName | Svchost.exe |
KeyloggerEnableFTP | FALSE |
FTPInterval | 30 |
InstallMessageBox | This is a test program! |
InstallFlag | TRUE |
ActiveXStartup | {RBF5K11E-2JQ0-850Q-2613-8K580NRGE7CI} |
EnableMessageBox | TRUE |
ActivateKeylogger | TRUE |
MessageBoxButton | 0 |
Virustotal
44 out of 51 AV Engines identified the sample as Malicious.